
package de.unihannover.se.restlab.microblog.data;

import javax.servlet.http.HttpServletRequest;

import com.sun.jersey.core.util.Base64;

import de.unihannover.se.restlab.microblog.models.Account;
import de.unihannover.se.restlab.microblog.models.Role;

/** Useful methods for HTTP authorization
 * @author Martin */
public class AuthService {

	public static boolean isUserAuthenticated (HttpServletRequest request) {
		String auth = request.getHeader("Authorization");		
		
		// Vorher
		// TODO: Auf auth.startsWith(Basic) prüfen
		if(auth.contains("Basic"))
			System.out.println("Es wird basic verwendet!");
		
		String auth_data = new String(Base64.decode(auth.substring("Basic ".length())));
		String[] user_and_key = auth_data.split(":", 2);

		System.out.println("User: " + user_and_key[0] + " und Passwort: " + user_and_key[1]);
		for (Account acc : AccountStorage.getStorage().getAccounts()) {
			System.out.println("Account: " + acc.getUser().getName());
		}
		Account acc = AccountStorage.getStorage().getAccount(user_and_key[0]);
		if (acc == null) {
			return false;
		}

		System.out.println("User: " + acc.getUser().getName() + " und Passwort: " + acc.getPassword());
		if (acc.getPassword().equals(user_and_key[1])) {
			if (acc.getRole() == Role.User || acc.getRole() == Role.Admin) {
				return true;
			}
		}
		return false;
	}

	public static boolean isUserAuthenticatedAndAdmin (HttpServletRequest request) {
		String auth = request.getHeader("Authorization");
		String auth_data = new String(Base64.decode(auth.substring("Basic ".length())));
		String[] user_and_key = auth_data.split(":", 2);
		
		// Vorher
				// TODO: Auf auth.startsWith(Basic) prüfen
				if(auth.contains("Basic"))
					System.out.println("Es wird basic verwendet!");

		Account acc = AccountStorage.getStorage().getAccount(user_and_key[0]);
		if (acc == null) {
			return false;
		}

		if (acc.getPassword().equals(user_and_key[1])) {
			if (acc.getRole() == Role.Admin) {
				return true;
			}
		}
		return false;
	}

	public static boolean isUserAuthenticatedAndHasId (HttpServletRequest request, int userId) {
		String auth = request.getHeader("Authorization");
		String auth_data = new String(Base64.decode(auth.substring("Basic ".length())));
		String[] user_and_key = auth_data.split(":", 2);
		
		// Vorher
				// TODO: Auf auth.startsWith(Basic) prüfen
				if(auth.contains("Basic"))
					System.out.println("Es wird basic verwendet!");

		Account acc = AccountStorage.getStorage().getAccount(user_and_key[0]);
		if (acc == null) {
			return false;
		}

		if (acc.getPassword().equals(user_and_key[1])) {
			if (acc.getUser().getId() == userId) {
				return true;
			}
		}
		return false;
	}

// public static boolean isUserAnAdmin(String userName) {
// Account acc = AccountStorage.getAccount(userName);
// if (acc.getRole() == Role.Admin) {
// return true;
// }
// return false;
// }
//
// public static boolean isUserRegistered(String userName) {
// Account acc = AccountStorage.getAccount(userName);
// if (acc.getRole() == Role.User || acc.getRole() == Role.Admin) {
// return true;
// }
// return false;
// }

}
